Phishing for Humans (Your Business’s Weakest Link)| July 9, 2020
Cybersecurity is everyone’s responsibility. Unfortunately for businesses and organizations of all sizes, users are typically the weakest link when it comes to phishing attacks and scams.
Despite all of the anti-virus software and modern firewalls available, a perfectly patched computer system is still vulnerable to a cyber attack if the end-user isn’t able to recognize a security breach attempt. End-users usually fall prey to sneaky and sophisticated attacks that appear to be from legitimate sources–coworkers, bosses, customers, or vendors, and other organizations. Their systems are then compromised by having weak passwords or by not identifying a phishing attempt from a malicious source.
Because insurance companies recognize that the weakest link in cybersecurity is usually humans, schools, businesses, and organizations need to implement ongoing safety and security training for employees.
What is Security Awareness Training?
Organizations that don’t have an in-house IT team can benefit from purchasing a subscription to a Security Awareness Training (SAT) service. This service provides a series of online modules and quizzes to train and test users across your organization. At Concensus, we recommend that end-users take modules that educate them on passwords, email security, website security, and physical security.
In addition to training, most services test end-users on their awareness across the essential areas of cybersecurity. Tests, known as penetration testing, will include areas like identifying a fake or phishing email, and evaluating if they input passwords, private data, or click on links that are trying to phish for information.
Why Does Your Business, School, or Organization Need It?
We can’t stress this enough: Cybersecurity is everyone’s responsibility across an organization. Protecting the privacy of students, employees, vendors, and all users very likely are insurance or compliance requirements that are stipulated in your insurance agreement.
For instance, in schools, scammers often prey on students by sending emails claiming to be from a particular department or offering scholarships, phishing for private financial information. Throughout COVID-19, there have been many scams targeting college students, offering them “relief funding” due to the pandemic. Across organizations and businesses, email scams have run rampant in pretending to offer relief, information, or services that pertain to recovering from the pandemic. Security Training Awareness can help IT administrators and leadership recognize some of these scam risks before it’s too late, and ensure their teams are well-informed and educated enough to avoid them.
What are the Next Steps?
Your school, business, or organizational environment, and most importantly, your users, can’t afford to wait until a cybersecurity breach or security event occurs to take action on awareness, training, and comprehensive protocols.
Talk with the IT experts at Concensus about available options and choose a system with many modules for user training. Together, we can institute a training protocol for current employees and implement a proactive approach to cybersecurity training that requires all new employees to take the training assessment. Once a training plan is in place, best practices recommend continuing testing at least twice per year on a random basis.